DSL and Cable Modems: The Dangers of Having a Static IP Address
By Joe Edwards
ECE 478
Spring 2000

1.0 Introduction

As computer technology continues to progress rapidly, more and more people are abandoning their traditional modems for much higher speed Internet connections. Currently, the two most popular methods for the average home user to obtain a high speed connection to the Internet are Digital Subscriber Lines (DSL) and cable modems. An added advantage of these types of connections is that they are always connected to the Internet and do not interfere with normal telephone line usage. It is this last fact, however, that is responsible for a number of serious security concerns.

The fact that these computers are always connected implies that they are given a fixed Internet Protocol (IP) address. Even though cable companies theoretically assign their IP addresses dynamically from a pool of addresses during each connection, in reality users typically wind up with the same address all of the time [B]. With DSL, users are also normally given a fixed IP address. This effectively gives these users a permanent presence on the Internet, which makes them substantially more visible targets for malicious activity than they would be otherwise.

2.0 The Security Issues

2.1 Open Ports

Traditional modem connections to the Internet are almost always assigned a different IP address for each connection, meaning that a given system is difficult to find and track. Automatic port scanning devices (ports are the doorways into a computer over a network connection) are currently in wide use on the Internet to find open ports that may be exploited by a remote party. A popular web site, Shields Up! (http://grc.com), has performed over 2.3 million tests on computer systems. Over one-fourth of the systems tested allowed some degree of access to their file systems over the Internet. An astonishing 8 percent allowed any kind of operation (including deletion) on files over the Internet using Windows file sharing! [A]

This statistic clearly shows that the danger of a persistent Internet connection, particularly when running the ubiquitous Windows 95/98, is very real. The problem is aggravated by the fact that home users are often completely unaware of these security issues. Traditional users of persistent Internet connections, such as corporations, hire information systems specialists to protect their connection with a variety of sophisticated hardware and software firewall mechanisms. In contrast, many home users run Windows 95/98 and unknowingly share all of their files with everyone on the Internet using the infamous NetBIOS protocol on port

The Biggest Targets

Naturally, the biggest targets for an attack are software packages that are very widely used. These packages include the Microsoft Windows operating system, Microsoft Internet Explorer, and Microsoft Outlook. As indicated in the previous section, by far the easiest and most common target is the file sharing that is built into Windows. If file sharing is enabled through NetBIOS on a Windows 95/98 computer, then it is very possible that everyone on the Internet will have read, and perhaps even write, access to the shared files. Clearly, this is a security problem that could prove to be completely devastating to all confidentiality as well as all aspects of the filesystem.

Another huge target involves the use of ActiveX and Java applets in Internet Explorer. It is possible for these entities to gain access to all aspects of a computer system, and even disable existing security. Microsoft Internet Explorer is integrated into the Windows 98 operating system, and therefore, to a large degree, security weaknesses of Internet Explorer often become security weaknesses for the system as a whole.

The last major target is one that has received a large amount of publicity for its widespread effectiveness. This target is that of malicious attachments and scripts. Scripts and executable files distributed via can be designed to facilitate any number of different possible attacks. One attack that is particularly effective in the context of persistent Internet connections is that of an invisible Trojan horse program, such as the famous Back Orifice. These Trojan horse programs can potentially allow an attacker to have complete and total control of a compromised system remotely over the Internet.

2.3 Why would a hacker want to access a home system?

Many people are skeptical as to why a hacker would even have an incentive to hack into their system [A]. At best it might be possible for them to steal a credit card number or two, or maybe some files, but the incentive appears to be small. In fact, there does potentially exist a much more compelling reason for a hacker to want to gain access to a home system. Recently, a very popular type of attack, known as a denial-of-service attack, has been shown to be very effective. In order for an attack like this to work well, an attacker needs to be able to gain control over a number of remote systems from which to stage the attack. If this is done correctly, the attack will appear to be coming from individuals who may not even be aware that their system has been compromised. This could allow the real perpetrator to escape without even being suspected.
2.4 The Internet service provider perspective

Internet Service Providers (ISPs) that provide the connection have an incentive to not emphasize security at all, for obvious financial reasons. If consumers believed that the service is dangerous, then sales of the service might be in jeopardy. In fact, the companies will typically downplay the dangers and emphasize that hackers do not have much financial incentive for attacking average home users. As a result of this thinking, DSL modems do not normally have any kind of built-in security [C]. Even the ISPs themselves do not typically provide any type of firewall service.

As consumers are starting to become aware of the dangers, they are putting more pressure on the service providers to provide more protection. Some ISP companies have even distributed firewall software to their customers. Another newer approach is emerging in which the ISP itself runs embedded-firewall software, such as software from SofaWare Technologies (http://www.sofaware.com). This could prove to be an attractive solution to ISPs in the future, because it would reduce the cost of end user support [A].

3.0 Security Solutions

3.1 Disable the connection while it is not needed

Ultimately, complete security can be guaranteed by simply turning off the computer or disconnecting it from the network. A computer that is not connected and/or running cannot be attacked. Most of the new DSL modems can be simply turned on and off. Security of a system could likely be raised substantially by disabling the Internet connection while it is not needed.

3.2 Turn off file sharing and close the ports

The single biggest target in Windows 95/98, as mentioned previously, is port 139. This is the port that Windows uses for file sharing and Network Neighborhood type activities. It is through this port that Windows is able to see other systems and find out some basic information about them, even if file sharing is disabled. If a cable modem is used, then all of the users that are using cable modem access nearby will likely show up as being in the same Network Neighborhood if this port is left open.

The easiest and most effective way to remove this security danger and intrusion of privacy is to remove the Client for Microsoft Networking from the networking components on the system. This should not cause any problems as long as file sharing or network based printing services are not needed. If it is absolutely necessary to be able to share files and/or printers on the network, then NetBEUI should be used instead of NetBIOS. NetBEUI connections are not visible over the Internet.

Another major way to keep ports closed is to close programs that access the network when they are not needed. These programs (such as chat programs) can run quietly in the background and accept connections on their ports, introducing potential vulnerability to a system.

3.3 Protect important files

To ensure the integrity and secrecy of important files, even in the event that an intruder intercepts them, encryption of the files should be used. If important files are securely encrypted, then it will not be possible for an attacker to gain anything by simply capturing the files without the appropriate decryption key. Of course, this secret key itself must be kept absolutely secure by some means.
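The check implied by section 3.2, confirming that port 139 is closed and that no background program is quietly accepting connections, can be automated by reading the output of `netstat -an`. The following is an added example, not part of the original paper; the sample output, the addresses, the ports 4000 and 5000, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows-style `netstat -an` output (not from the paper).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1030        198.51.100.7:80        ESTABLISHED
  UDP    192.0.2.10:5000        *:*
"""

FILE_SHARING_PORT = 139  # the Windows file-sharing port named in section 3.2


def parse_listeners(netstat_text):
    """Return (proto, address, port) for each socket waiting for inbound traffic."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # A TCP socket accepts connections only while LISTENING; a bound UDP
        # socket has no state column and accepts datagrams at any time.
        if proto == "TCP" and state != "LISTENING":
            continue
        address, _, port = local.rpartition(":")
        if port.isdigit():
            listeners.append((proto, address.strip("[]"), int(port)))
    return listeners


def audit(netstat_text, expected_ports=()):
    """Flag listeners reachable from the network, port 139 first among them."""
    findings = []
    for proto, address, port in parse_listeners(netstat_text):
        if ipaddress.ip_address(address).is_loopback:
            continue  # reachable only from the machine itself
        if port == FILE_SHARING_PORT:
            findings.append(("file-sharing", proto, address, port))
        elif port not in expected_ports:
            findings.append(("unexpected", proto, address, port))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT):
        print(finding)
```

Ports passed in `expected_ports` are treated as known services; port 139 is always reported, since the paper recommends closing it outright.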
3.4 Keep the operating system up to date

Operating systems, particularly from Microsoft, are updated constantly to attempt to fix newly found security holes. In order to gain protection from the latest attacks, it is important to keep an operating system completely up to date. This is usually easily done by referring to the update page of the software producer (such as http://www.microsoft.com).

3.5 Use a Virus Scanner

As mentioned earlier, some types of viruses, especially Trojan horses, attempt to remain hidden from the user on a system. These viruses may wait quietly and listen on a port until an intruder makes a connection. Perhaps the best way to discover this type of scenario is to run an updated virus scanner. The virus scanner will work to ensure that such an attack is not possible by attempting to locate Trojan horses and activity of this kind.

3.6 Install a firewall

Using a firewall is probably the most effective defensive strategy available. A good firewall, if configured correctly, is capable of protecting all of the ports on a system. As companies recognize the increasing number of home users with persistent Internet connections, more and more appropriate and reasonably priced products are becoming available for this purpose.

4.0 Conclusion

The number of computers with persistent Internet connections is projected to continue its current explosive growth. An estimate by Jupiter Communications predicts that 15.3 million households in the United States will have broadband (always on) Internet connections by [A]. Clearly, the risk of security problems will be tremendous with this many potential targets online. It is important that the users of these connections are aware of the potential security issues. With the appropriate precautions it will be possible for many more people than ever before to safely enjoy a broadband presence on the Internet.

References

[A] T Spangler, Home Is Where The Hack Is, in Week, April 13, 2000
[B] R Pacciano, Risk-Free Broadband Access, in Computer Shopper, July 22, 1999
[C] J Aspinwall, Prying Eyes, in Computer User, January 25, 2000
